Social Networking & Privacy Advanced Commercial Law: Law of Electronic Commerce SMU Dedman School of Law Edward Marx SVP/CIO Texas Health October 2009

Social Networking & Privacy - Garderesmu-ecommerce.gardere.com/Ed Marx (CIO at Texas Health Resource… · –Internal pulse checks with employees (Mail to the Chief, Pulse Panels)


Page 1

Social Networking & Privacy

Advanced Commercial Law: Law of Electronic Commerce

SMU Dedman School of Law

Edward Marx

SVP/CIO Texas Health

October 2009

Page 2

Flow

• Video

• Texas Health and Ed Marx

• Social Networking

• One Executive and Company's Journey

• Privacy & Policy

• The Key Challenge

• Discussion

Page 3

Texas Health

• More than 18,000 Employees

• More than 3,600 Active Staff Physicians

• 14 Hospitals

• 6 JV Hospitals

• 22 Ambulatory Healthcare Sites

• More than 3400 Licensed Hospital Beds

Page 4

Edward Marx

• Colorado State University (BS, MS)

• Army Combat Engineer Officer

• Healthcare IT Leadership Career

• Texas Health Services Authority Board

• Dallas Newcomer of the Year (2008)

• SMU Engineering School Advisory

• TCU Business School Advisory

Page 5

IT Slide of Pride

Innovator

Page 6

Social Network Primer

"Social networks will be like air"

-- Charlene Li, Forrester Research

Page 7

Why Pay Attention

• Mainstream

• Innovation

• Relevant Leadership

• Marketing

• Collaboration

• Communication

• Community

Page 8

Personal/Professional Journey

• Intra Company Email/Blogs/IM

• ServeLists

• Triathlon Bulletin Boards

• Facebook

• LinkedIn

• SecondLife

• Twitter & Yammer

• Hosted Blog

Page 9

Facebook

Page 10

LinkedIn

Page 11

Twitter

build business

Page 12

Blog

advancing ideas & concepts

Page 13

Texas Health Journey

• The Mountain

– Culture

– Fear

– Security & Privacy

– Healthcare Regulations (HIPAA)

• The Climb

– Planning

– Base Camp

– Risk

Page 14

Page 15

YouTube Channel

Page 16

Facebook Site

Page 17

Yammer

Page 18

MOSS as Web 2.0

Page 19

Social Media

• THR has Assumed a Leading Role in Social Media

– New tools to directly reach online customers, potential patients

– Builds on image as open environment for potential employees

– Builds on "Most-Wired" positioning as technologically-forward

• Social Media is Vibrant & Growing ("Jump in and figure it out")

– Usage spreads quickly and organically

– Traditional planning processes are not as conducive to success as iterative prototyping

• Social Media Users Determine Success by:

– Usage

– Content is the kingmaker

Page 20

Current Situation

• Facebook 760 Friends

• Twitter 681 Followers

• YouTube Channel 125 videos posted with 30,505 views

• Yammer 850 users in 43 groups

• IM/Video

• Multiple Blog Presences

– The “Care” in Health Care – THFW

– Live from a Hospital – THSW

– Keeping Pulse – THAM

– The Story Behind the Scrubs – THHEB

– Words from Winjie – Industry blog by Winjie Miao

– CIO Unplugged – Industry blog from Edward Marx

• Listening Posts

– Internal pulse checks with employees (Mail to the Chief, Pulse Panels)

– Active listening for hot button issues discussed externally

– Outside service bureau for more comprehensive reporting/monitoring

Page 21

Near Future Possibilities

• Advances in Medicine "meet-ups" (Facebook & Twitter)

• YouTube Video Press Releases

• Service-line Specific Blogs/Forums

– Linking patients with common interests for support/networking

– Linking across communities

• Internal Tools

– MySite employee pages

– Executive blogs, Wikis, discussion forums, etc.

• System Recruitment

– Facebook & LinkedIn pages + Events

– Mobile landing pages for mobile recruitment campaigns

• Augmented Reality, Mobile Apps and Google Wave

• Physician Engagement & Outreach

– CareTube

– CareSuite

Page 22

Privacy & Policy

• Texas Health Journey

• Policy / Guidelines

• National Survey Results

Page 23

Sample Guidelines

• Follow All Applicable Company Policies

• Be a Responsible Social Media Citizen

• Disclose Your Connection with Company

• Write in the First Person

• Cite Your References

• Respect Your Audience

• Use a Personal e-mail Address

• Try to Add Value & Avoid Conflicts

• Ask Before You Publish

Page 24

Privacy

• Too Much Information (TMI)

• Personal Health Information (PHI)

• Personal Rights

– ACLU

– Canada

• IP Issues

• Brand Damage

• Securities

Page 25

Social Network Survey

*8/2009 Health Care Compliance Association & Society of Corporate Compliance & Ethics

Page 26

Social Network Survey

*8/2009 Health Care Compliance Association & Society of Corporate Compliance & Ethics

Page 27

Social Network Survey

*8/2009 Health Care Compliance Association & Society of Corporate Compliance & Ethics

Page 28

Gartner Opinion

• Social-networking (SN) sites provide new channels for marketing and CRM

• Uncontrolled use of SN sites by staff can expose internal corporate activities and intellectual property to inappropriate audiences.

• SN sites provide mechanisms for rapid, viral distribution of active and passive content that can include illegal, damaging and offensive material.

• Personal and corporate information posted on SN sites can be used to support identity fraud and competitive espionage activities.

• Enterprises need to ensure that they maintain control over their content.

• SN firms that attempt to gain control over content through licensing or other means should be avoided at all costs.

• Whether they "explicitly" try to take control now or not, there is no telling who might buy their property and, typically, what safeguards they may put in place to protect your content.

Page 29

Discussion

• Personal & Professional

– What is the Right Balance?

– Who Decides the Balance?

• Do Fears Outweigh Risks?

• Can you Still Separate Life Roles?

• Other Thoughts?

Page 30

Contact

• Blog http://tiny.cc/DQJO8

• Twitter http://twitter.com/marxists

• LinkedIn www.linkedin.com/in/edwardmarx

• Facebook www.facebook.com/edwardmarx

• Email [email protected]

Page 31

Page 32

Appendix One

Page 33

Social Media @ THR

Blogs, wikis, social networks, virtual worlds and Social Media

Strategy & Plans

September 2009

Page 34

Blogs, podcasts, wiki articles, photos, videos

Comments, ratings, reviews

Tags, feeds, voting

Social networks

Read, watch, listen

Page 35

Not a Fad

Page 36

Appendix Two

Page 37

Privacy in Healthcare Context

• Emerging Practice Given Ubiquitous Technology Deployment

• HIPAA & Perverse Consequences

• Plethora of Proposed Laws

Page 38

HIPAA 101

• HIPAA was designed to:

– Ensure health insurance portability

– Reduce health care fraud and abuse

– Guarantee privacy and security of health information

– Provide standards for electronic exchange of health information

• Examples of HIPAA’s impact include:

– Portability. Guarantees medical coverage renewal, prohibits discrimination based on health status, and eliminates some preexisting conditions exclusions.

– Transaction Standards and Unique Identifiers. Creates standard formats and code sets for all major digital transactions and provides national identifiers for providers, employers and payors.

– Security Rule. Provides a uniform level of protection of all electronic health information.

– Privacy Rule. Addresses the rights of an individual, the procedures for exercising these rights and the uses and disclosures of health information. Confidentiality.

Page 39

HIPAA Glossary

HIPAA protects the rights of individuals, not just patients. An individual is the subject of health information. This can include patients and health plan participants and their covered dependents. These same rights extend to legally authorized representatives.

A covered entity's workforce includes employees, volunteers, people whose conduct is under the direct control of a covered entity, and people involved in a covered entity's training programs.

Individually Identifiable Health Information (IIHI) is health information that either identifies an individual or provides a reasonable basis for identifying an individual, by virtue of containing one or more of 18 identifiers.

PHI stands for Protected Health Information. This is health information—in any form—that can identify an individual. HIPAA and Texas state law define how PHI may be used and disclosed.

Page 40

National v. State Regulation

• Many states, including Texas, passed their own versions of HIPAA.

• HIPAA resolved this issue by instructing that when state and federal versions differ, the more restrictive version applies.

• Texas Health has reconciled state and federal law; more restrictive law is reflected in our privacy policies and training.

Page 41

Who is Included?

Providers. Texas Health is a health care provider. Providers range from large hospital systems to individual nursing homes, labs, and pharmacies. Health care providers are also doctors, nurses, dentists, psychotherapists, and others who care for patients.

Plans or Payors. Examples include Cigna, United Health Care, Blue Cross/Blue Shield, and Aetna.

Clearinghouses. These are systems that process information for other companies such as most billing services like WebMD Envoy®.

Page 42

Protected Health Information

• Identifies the individual

• With respect to which there is a reasonable basis to believe that the information can be used to identify the individual

• If the following information is removed, it is presumed to be non-identifiable information:

– Name

– Street Name

– City

– County

– Zip Code

– Equivalent Geocodes

– Social Security #

– Health Plan #

– Certificate/License #

– Finger & Voice Prints

– Photo Images

– Names of Relatives

– Names of Employers

– Date of Birth

– Telephone Numbers

– Fax Numbers

– E-Mail Addresses

– Medical Record #

– Account #

– Vehicle or Device Serial #

– Internet Protocol Address

Page 43

The Key Practical Challenge

• Caregiver v. Compliance

• Real Life Tension

• Los Angeles Times

• Jacksonville

• Harvard Journal of Law and Technology

• Obstacles to Success

• Hardcore Realities

Page 44

Public/Private Solution?

• Regulatory Logjam

• Provider Paralysis and Bureaucracy

• Obama Impact?

• HITrust Collaborative; A Leading Approach

– Health Information Trust Alliance

– What is it and What can it Accomplish

– Texas Health Involvement